package config

import (
	"crypto/tls"
	"crypto/x509"
	"os"
)

// EtcdConf etcd配置
type EtcdConf struct {
	Endpoints string `yaml:"endpoints"`
	Ca        string `yaml:"ca"`
	Cert      string `yaml:"cert"`
	Key       string `yaml:"key"`
}

// NewEtcdConf with default value
func NewEtcdConf() *EtcdConf {
	return &EtcdConf{
		Endpoints: "http://127.0.0.1:2379",
		Cert:      "",
		Ca:        "",
		Key:       "",
	}
}

// TLSConfig ...
func (c *EtcdConf) TLSConfig() (*tls.Config, error) {
	if c.Cert == "" || c.Ca == "" || c.Key == "" {
		return nil, nil
	}

	cert, err := tls.LoadX509KeyPair(c.Cert, c.Key)
	if err != nil {
		return nil, err
	}

	caData, err := os.ReadFile(c.Ca)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(caData)

	// nolint TLS MinVersion too low.
	tlsCfg := &tls.Config{
		Certificates: []tls.Certificate{cert},
		RootCAs:      pool,
	}

	return tlsCfg, nil
}